Create a developer account at sandbox.dev.clover.com/developers. Enter and verify your email address. This will create a developer account for you, as well as a test merchant account.
We’ve created a sample inventory file that will help you get started with your test merchant. Use the dashboard inventory app to import this file.
A Clover web app is a browser-based integration that uses our REST API utilizing OAuth to create a secure connection to your web app. Web apps redirect a merchant from the Clover dashboard to a developer’s URL. Clover web apps offer a seamless experience that enables merchants to connect services through a central hub.
Clover web apps create an alternate integration path for scenarios where a native, on-device experience may not be appropriate. Clover developers have used our OAuth protocol for reporting, analytics, e-commerce integrations, etc.
The following web development guidelines are designed to help you produce high-quality apps with a smooth development and launch process. These foundations can help your apps provide the kind of excellent merchant experiences that attract and keep loyal subscribers.
Familiarize yourself with basic web security principles. The Open Web Application Security Project (OWASP) offers several resources that will help you get started:
- Because the Clover API allows access to a database, you will need to follow the security standards for database access.
- Web applications should access the Clover API using server-to-server requests when possible.
- You must securely store any data that your own services cache.
- Customer and employee-facing apps must prevent unauthorized users from accessing privileged data, including the Clover credentials your app uses.
- Use secure logins and session tracking if needed.
- Server logic should prevent unauthorized access to data by injection attacks.
- Any data passed to the client in any format should be considered vulnerable.
- Make it easy for merchants to login. The URL for your web app should launch the login flow, not navigate to the general home page for your business.
- Include your Web URL prior to submission and test it with an example OAuth request.
- All apps must be mobile-friendly.